Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.

Skyword will be compliant with the EU General Data Protection Regulation (GDPR) when it goes into effect on May 25, 2018. We know that this is top of mind for all of you, and we have been working diligently for months to ensure our platform, policies, and procedures meet GDPR requirements.

Join Skyword's CMO, Tricia Travaline, and Chief Technology and Data Protection Officer, John Mihalik, delivered these slides in a webinar to provide an overview of Skyword's new data protection policies.

A series of laws that were approved by the EU Parliament in 2016 These laws will come into affect on May 25th 2018 GDPR is an initiative by the EU to bring data protection legislation into line with new ways that data is now used New regulations will give users great control over their data, including the ability to export it, withdraw consent, and request access to it. It will affect any company that does business with Europe, whether they are based in the EU or not Fines can be the greater of €20 million, or four percent of annual worldwide turnover

The bullet points appear correct in PPT but not in Google Slides. I just want to ensure that they will show up correctly in the final presentation.

Database encryption: Comes at two levels – the entire database is encrypted. Data elements that include particularly sensitive information (such as taxpayer ID) are additionally encrypted at the column level. Passwords are stored in such a way that even Skyword personnel cannot recover them.

Data retention: Though the Skyword tracking tag has been updated to not log PII (perhaps that discussion should come before data retention), we will only retain detailed tracking information for 7 days (6 months for SPR data). We are working on automated data retention policies for contributor data – but in the interim we will honor removal requests insofar as we can

“Elimination”: Perhaps “exclusion” is a better word? Pseudonymization, which already masks PII, is our default behavior. Anonymization is offered at customer request for further protection. Exclusion is by the end user’s request

9.
9
What is “Personal Data” as Defined by GDPR?
“‘personal data’ means any information relating to an identified or
identifiable natural person (‘data subject’); an identifiable natural person
is one who can be identified, directly or indirectly, in particular by
reference to an identifier such as a name, an identification number,
location data, an online identifier or to one or more factors specific to the
physical, physiological, genetic, mental, economic, cultural or social
identity of that natural person;”
- Article 4, GDPR

10.
• Privacy Shield is an agreement between the EU and US allowing for the transfer of personal
data from the EU to US.
• The GDPR has specific requirements regarding the transfer of data out of the EU.
• One of these requirements is that the transfer must only happen to countries deemed as
having adequate data protection laws.
• In general the EU does not list the US as one of the countries that meets this requirement.
• Privacy Shield is designed to create an program whereby participating companies are
deemed as having adequate protection, and therefore facilitate the transfer of information.
• In short, Privacy Shield allows US companies, or EU companies working with US companies,
to meet this requirement of the GDPR.
What is the Privacy Shield?
11
What is the Privacy Shield?